CVE-2017-14866 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14866): There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1494781

CVE-2017-14865 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14865): There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1494778

CVE-2017-14864 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14864): An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1494467

CVE-2017-14858 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14858): There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1494782

CVE-2017-14857 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14857): In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a segmentation fault. A crafted input will lead to a denial of service attack.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
At least part of these CVEs is fixed in snapshot 0.26_p20171013.
Current snapshot media-gfx/exiv2-0.26_p20171018 should be unaffected.
(In reply to Andreas Sturmlechner from comment #3)
> Current snapshot media-gfx/exiv2-0.26_p20171018 should be unaffected.

Thank you Andreas, could you please call for stabilization here when ready?
Cleanup done in git commit cdb23e8b3608be50daebdeb5d904b179a58d8339